[ALPS03825066] Fix boot fail

[Detail] System processes have no permission to access
vendor_default_prop

[Solution] Add get vendor_default_prop rule for system
processes

MTK-Commit-Id: ad4fb4d8ae4fb38767c16b82ce9d8351f5f59702

Change-Id: I31cf13db6b50a3cff193aa0a34bc1130e5b18942
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK

non_plat/bootanim.te

@@ -21,3 +21,8 @@ allow bootanim proc_ged:file {open read write ioctl getattr};
 # Purpose : For MTK perfmgr
 allow bootanim proc_perfmgr:dir {search read};
 allow bootanim proc_perfmgr:file {open read ioctl};
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(bootanim, vendor_default_prop)

non_plat/installd.te

@@ -0,0 +1,8 @@
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(installd, vendor_default_prop)

non_plat/keystore.te

@@ -12,3 +12,8 @@ allow keystore app_data_file:file write;
 # Purpose : Fix keystore boot selinux violation
 #allow keystore debugfs_tracing:file write;
 allow hal_keymaster_default debugfs_tracing:file write;
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(keystore, vendor_default_prop)

non_plat/mediadrmserver.te

@@ -14,3 +14,8 @@ allow mediadrmserver proc_ged:file {open read write ioctl getattr};
 # Purpose : Change thermal config
 allow mediaserver mtk_thermal_config_prop:file { getattr open read };
 allow mediaserver mtk_thermal_config_prop:property_service set;
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(mediadrmserver, vendor_default_prop)

non_plat/mediaextractor.te

@@ -5,3 +5,8 @@
 # Date : WK16.33
 # Purpose: Allow to access ged for gralloc_extra functions
 allow mediaextractor proc_ged:file {open read write ioctl getattr};
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(mediaextractor, vendor_default_prop)

non_plat/mediametrics.te

@@ -0,0 +1,8 @@
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(mediametrics, vendor_default_prop)

non_plat/mobile_log_d.te

@@ -56,3 +56,8 @@ allow mobile_log_d port:tcp_socket { name_connect name_bind };
 allow mobile_log_d mobile_log_d:tcp_socket { create connect setopt bind };
 allow mobile_log_d mobile_log_d:tcp_socket { bind setopt listen accept read write };
 allow mobile_log_d node:tcp_socket node_bind;
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(mobile_log_d, vendor_default_prop)

non_plat/netdiag.te

@@ -26,3 +26,8 @@ allow netdiag mmc_prop:file { getattr open };
 # purpose: allow netdiag to access storage in new version
 allow netdiag media_rw_data_file:file  { create_file_perms };
 allow netdiag media_rw_data_file:dir { create_dir_perms };
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(netdiag, vendor_default_prop)

non_plat/system_server.te

@@ -191,3 +191,8 @@ allow system_server mtk_thermal_config_prop:property_service set;
 # Purpose : perfmgr permission
 allow system_server proc_perfmgr:dir {read search};
 allow system_server proc_perfmgr:file {open read ioctl};
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(system_server, vendor_default_prop)

plat_private/statsd.te

@@ -0,0 +1,8 @@
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(statsd, vendor_default_prop)

plat_private/storaged.te

@@ -0,0 +1,8 @@
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(storaged, vendor_default_prop)